1. Field of the Invention
The present invention pertains to the fields of web hosting, particularly to computer implemented systems and methods for facilitating web hosting from computers behind a Network Address Translation (NAT) gateway.
2. Description of Related Art
Since the Internet has gained vast appeal, various forms of web pages have been produced. Although there are numerous websites, only a small portion are built by owners due to the time consuming nature and complexity of the tasks involved in setting one up. Most websites are built by web hosting companies, even though individual website owners already have the resources, such as computers and network connections, to build and host their own websites.
In order to begin web hosting, various demanding tasks are required, such as setting up an HTTP server, registering a URL (uniform resource locator) and obtaining a static (public) IP address. Further, creating a website using HTML and other scripting languages is a burdensome task for most people and small businesses in terms of time and money. For those who have built their own websites, it might still be a daunting task to introduce and advertise that website to the public.
For this reason, most individuals use services such as blogs or homepage builders provided by portal sites or social networking sites rather than creating their own personal websites and homepages. Small businesses usually create and maintain their websites through web hosting companies instead of doing it themselves.
However, the services of large internet companies and web hosting firms are not the best solutions for individuals and are not always beneficial for small companies. If someone has his or her private blog hosted on an internet company's servers, the sites will be inflexible because those services generally provide narrow choices and limited freedom for individuals to design their own style of website. Additionally, unnecessary add-ons provided by some service providers, such as advertisements placed on the website, are often unavoidable. Creating an account and storing personal information on a company's servers cannot be free from the risk of leaking personal information. Further, for small companies and local businesses, the indirect way to maintain their websites with a hosting company can make the website difficult to maintain. All updates and changes could take a long time and could be a burden in terms of cost if all changes have to go through a hosting company. Although DIY web page building sites provide ways for users to build homepages for small businesses, all contents (i.e., pictures, documents and other files) must still be stored on the web hosting companies' servers, which makes building web pages slow and increases the cost of building the website. Moreover, internet browsers are often the sole tool for users to communicate with the web hosting company or service.
NAT is the most universal technology developed for resolving the issues caused by the lack of IP (Internet Protocol) addresses. NAT allows stations behind a NAT gateway (also referred to as a NAT, a NAT translator, a NAT device or a NAT application) to share a public IP address with a specific port number which is used to distinguish the station from others.
This method causes no problems when stations behind a NAT attempt to connect to hosts outside of the NAT. However, when hosts outside the NAT attempt to connect to stations behind that NAT, such a connection is impossible because the IP addresses used by the stations behind the NAT are only valid within the NAT's private network. In addition, any outside attempt to connect to a station behind a NAT using its private address may lead to a wrong or failed connection. Moreover, when stations outside of the private network attempt to communicate with the stations behind the NAT, their packets must pass through the NAT. Because the NAT only remembers the specific port numbers that stations behind it used when they initiated a connection, and forwards inbound packets for those ports to the corresponding stations, it does not forward packets that originate from a connection attempt outside the private network unless a station inside the private network (behind the NAT) has requested them.
NAT technology allows stations to reliably share IP addresses and to block unnecessary connection trials from the outside, having the advantage of preventing extraneous intrusion. However, if both stations are behind their own NAT, neither station will be able to connect to each other, resulting in serious problems for games and VoIP programs where peer-to-peer connections are required.
For such reasons, several NAT traversal techniques have been introduced and, among them, the most commonly used method is STUN (Simple Traversal of UDP Through Network Address Translation Devices). Also called Hole Punching, this technology takes advantage of a principle which allows packets to pass through a NAT upon the connection attempt of the other station by sending additional packets.
In applications using UDP, Hole Punching technology is relied upon for business applications, owing to its extremely high success rate. However, such a method is not readily applicable to programs using TCP (transmission control protocol).
For instance, assume that user A is behind NAT A and user B is behind NAT B. In the case that UDP is used, if user A sends a packet to user B in advance, NAT B will not allow user A's packet to pass and it will be discarded. If a packet is then sent from user B to user A, NAT A, since it remembers the packet sent by user A, will allow user B's packet to pass, user A will be able to receive user B's packet, and the packet exchange can continue. However, in the case that TCP is used, when user A sends a packet, a SYN (initial sequence) number is also sent, randomly allocated by the operating system, and user B must reply with that value plus 1. But, because NAT B drops the first-sent packet, user B will be unable to identify the correct SYN number, resulting in difficulty establishing a connection.
Owing to such difficulties, the case of TCP is more complicated than that of UDP NAT traversal. There are four well known representative methods of TCP NAT traversal.
1. Simple Traversal of UDP Through NATs and TCP Too (STUNT #1)
Using a Low TTL (Time To Live) technique, which involves setting a TTL value low enough that a packet passes through its own NAT but expires before reaching its destination, user A sends a SYN to user B. Because this SYN has a TTL value just high enough to pass through NAT A, it will be returned with an ICMP (Internet Control Message Protocol) message before it reaches NAT B. At this time, if user A sends the SYN value, read from the returned ICMP message, to the server, which has a public address, the server will send user A a correct SYN value along with a SYNACK after changing it to user B's address. At the same time, user B also sends a SYN to user A, extracts a SYN value from the ICMP message in the same way, and carries on communication after the connection is established.
2. Simple Traversal of UDP Through NATs and TCP Too (STUNT #2)
Like STUNT #1, user A sends a SYN using a Low TTL technique. This SYN opens a specific port while it is passing through NAT A. After it passes through NAT A, it is again returned, generating an ICMP message, before reaching NAT B. Then user B sends a new SYN. Although NAT A expects a SYNACK, because a SYN has already gone out toward user B, it allows the inbound SYN in consideration of TCP simultaneous open, which is designed to let user A and user B establish a connection when both send a SYN at the same time. The connection is then established by the SYNACK (the reply to the SYN) sent by user A.
3. NAT Blaster
As in the STUNT #1 method above, users A and B send SYNs to each other using a Low TTL technique. When the SYNs sent by the users are returned, the necessary value is extracted from each SYN and sent through an auxiliary communication channel, such as an intermediary server. User A and user B then send each other a SYNACK, referring to the exchanged SYN and SEQ values, and establish a connection by sending ACKs.
4. Peer to Peer NAT
Peer to Peer NAT is a way of establishing a connection that depends on TCP simultaneous open without using Low TTL: user A and user B send SYNs to each other at the same time. At this moment, as both NATs have already passed an outbound SYN, they will each accept the inbound SYN. As a result, each user can establish the connection by continuing with a SYNACK.
According to the Characterization and Measurement of TCP Traversal through NATs and firewalls, the success rate of each case is as follows: STUNT #1 (75˜87%), STUNT #2 (68˜86%), NAT Blaster (70˜83%) and Peer to Peer NAT (45˜85%). Although these methods may seem to show a high success rate, a failure rate higher than 10% is unacceptable for business purposes. Further, in many cases, reading a SYN value upon receiving an ICMP message (as used for NAT Blaster) is impossible depending on the operating system of the relevant user, so that method is inapplicable. The Low TTL technique, used for STUNT #1, STUNT #2, and NAT Blaster, is also not free from the probability of failure because the response of a NAT to an ICMP error message can vary. In addition, since the acceptable range of Raw Socket Programming may vary according to operating system, the applicability of these methods is subordinate to the type of operating system.
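The following is an added illustration, not code from the patent or any product it describes, that models the NAT behaviour described above (outbound traffic creates a mapping, inbound traffic is admitted only against an existing mapping) and replays three of the scenarios: the UDP hole-punching exchange between users A and B, the same attempt over TCP where user B never sees user A's initial sequence number, and the Peer to Peer NAT simultaneous open (method 4). The `Nat` class, host labels and public IP addresses are constructed for the example and ignore port numbers and mapping timeouts.

```python
import random
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Nat:
    """Constructed NAT model: an outbound packet from an inside station creates a
    mapping for the remote host; an inbound packet is admitted only if a matching
    mapping already exists (port numbers and timeouts are ignored here)."""
    name: str
    public_ip: str
    mappings: set = field(default_factory=set)

    def outbound(self, inside_host: str, remote_ip: str) -> None:
        self.mappings.add((inside_host, remote_ip))

    def inbound(self, inside_host: str, remote_ip: str) -> bool:
        return (inside_host, remote_ip) in self.mappings


def udp_hole_punch(nat_a: Nat, nat_b: Nat) -> Tuple[bool, bool]:
    """A sends first: NAT B drops it, but NAT A now remembers B. B then sends and
    NAT A admits the packet. Returns (first delivered, second delivered)."""
    nat_a.outbound("A", nat_b.public_ip)
    first = nat_b.inbound("B", nat_a.public_ip)
    nat_b.outbound("B", nat_a.public_ip)
    second = nat_a.inbound("A", nat_b.public_ip)
    return first, second


def tcp_naive_punch(nat_a: Nat, nat_b: Nat, isn_a: Optional[int] = None) -> bool:
    """Same ordering over TCP: A's SYN carries a random initial sequence number
    that B must acknowledge with isn_a + 1. NAT B drops the SYN, so B never learns
    isn_a and cannot build a valid SYNACK; the handshake cannot complete."""
    if isn_a is None:
        isn_a = random.getrandbits(32)
    nat_a.outbound("A", nat_b.public_ip)
    isn_seen_by_b = isn_a if nat_b.inbound("B", nat_a.public_ip) else None
    return isn_seen_by_b is not None and (isn_seen_by_b + 1) % 2**32 == (isn_a + 1) % 2**32


def tcp_simultaneous_open(nat_a: Nat, nat_b: Nat) -> bool:
    """Peer to Peer NAT: both sides send a SYN before either inbound SYN arrives,
    so each NAT already holds an outbound mapping and admits the other's SYN."""
    nat_a.outbound("A", nat_b.public_ip)
    nat_b.outbound("B", nat_a.public_ip)
    return nat_a.inbound("A", nat_b.public_ip) and nat_b.inbound("B", nat_a.public_ip)


if __name__ == "__main__":
    pair = lambda: (Nat("NAT A", "203.0.113.1"), Nat("NAT B", "198.51.100.1"))
    print("UDP:", udp_hole_punch(*pair()), "TCP naive:", tcp_naive_punch(*pair()),
          "TCP simultaneous open:", tcp_simultaneous_open(*pair()))
```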